[ietf-dkim] ancient mail, was Issue 1579: ADSP result set
John Levine
johnl at iecc.com
Sun Jul 6 14:46:24 PDT 2008
>> Um, I think this might be a good time to review what DKIM
>> is and isn't. It's intended to protect messages in transit,
>> not in archives. Umpteen years later, with or without
>> Resent headers, the signing key is unlikely still to be
>> in the DNS, so any process that depends on verifying DKIM
>> on old messages won't work. ADSP doesn't change that.
>
>If the ADSP draft somewhere states that adding Resent-* in
>some legit or malicious ways is intended to bypass all ADSP
>processing I missed it: I only looked for strings beginning
>with "resent-".

There aren't any, since as you perfectly well know, the only header
that ADSP looks at is From:. Adding Resent-* headers has no effect
unless the DKIM signature is set to break when they're added.

I have to say this argument makes no sense to me. Nothing about DKIM
works if you take an ancient message and remail it, since the keys are
not long-lived. Furthermore, nothing in section 3.6.6 of 2822 or
2822bis says that adding Resent- headers is supposed to make people
handle mail in any particular way.

I suppose that "discardable" makes it a little more explicit that
people might treat such mail unfavorably, but it shouldn't come as a
big surprise that mail with stale or broken signatures is less likely
to show up in people's inboxes, with or without Resent-* headers and
with or without ADSP.

R's,
John
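
The following is an added example, not part of the original message: it sketches how the `h=` tag of a DKIM signature decides whether prepended Resent-* headers change the signed header data. The sample headers, the function names and the simplified canonicalization are assumptions; no real signature is computed.

```python
import hashlib

def select_signed(headers, h_tag):
    """Pick header instances as a DKIM verifier does (RFC 6376 section 5.4):
    for each name in h=, take the next unused instance counting from the
    bottom of the header block; a name with no instance left adds nothing."""
    remaining = list(headers)            # top-to-bottom order as in the message
    picked = []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name:
                picked.append(remaining.pop(i))
                break
    return picked

def header_digest(headers, h_tag):
    """Digest of the selected headers in a simplified 'relaxed' form.
    Stand-in for the signed data: a real verifier also hashes the
    DKIM-Signature field and checks the signature against the DNS key."""
    h = hashlib.sha256()
    for name, value in select_signed(headers, h_tag):
        h.update(f"{name.lower()}:{' '.join(value.split())}\r\n".encode())
    return h.hexdigest()

def survives_resend(headers, h_tag, added):
    """True if prepending `added` leaves the signed header data unchanged."""
    return header_digest(headers, h_tag) == header_digest(added + headers, h_tag)

# Constructed sample headers (top to bottom); addresses are placeholders.
ORIGINAL = [
    ("Date", "Sun, 6 Jul 2008 14:46:24 -0700"),
    ("From", "alice@example.com"),
    ("To", "list@example.org"),
    ("Subject", "hello"),
]
RESENT = [("Resent-From", "bob@example.net"),
          ("Resent-Date", "Mon, 7 Jul 2008 09:00:00 -0700")]

PLAIN_H = "from:to:subject:date"               # Resent-* not covered
STRICT_H = "from:to:subject:date:resent-from"  # signs the absence of Resent-From

if __name__ == "__main__":
    print("plain h=  survives:", survives_resend(ORIGINAL, PLAIN_H, RESENT))
    print("strict h= survives:", survives_resend(ORIGINAL, STRICT_H, RESENT))
```
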